OxDEAD Unicornz

Have you ever seen so many?

Twisted.conch Does Not Support Strong Key Exchange Algorithms (Yet?)

You’ve probably heard about the Logjam attack on the Diffie-Hellman key exchange algorithm. Here is a post by Jethro Beekman providing some details and suggestions on hardening your SSH server security.

A few days ago I started playing around with the Twisted Python framework in general, and in particular with the Conch library, which handles SSH connections in an event-based manner.

I tried a few SSH client examples from the Twisted site and got similar errors:

2015-07-07 14:28:45+0300 [-] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x7f745500ca28>
2015-07-07 14:28:45+0300 [_CommandTransport,client] Disconnecting with error, code 3
        reason: couldn't match all kex parts
2015-07-07 14:28:45+0300 [_CommandTransport,client] main function encountered error
        Traceback (most recent call last):
        Failure: twisted.internet.error.ConnectionDone: Connection was closed cleanly.

The problem is that twisted.conch.ssh.transport supports only two KeyExchange algorithms so far:

supportedKeyExchanges = ['diffie-hellman-group-exchange-sha1',
                         'diffie-hellman-group1-sha1']

And they were excluded from the default list of enabled key exchange algorithms. On my Fedora 22 and Debian 8 nodes with OpenSSH 6.7 installed I have the following list by default:

curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,
ecdh-sha2-nistp384,
ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1

There are a few tickets with requests and proposals for adding support for stronger Diffie-Hellman algorithms, but they don’t show any recent activity, so I’m not sure this is going to be merged any time soon. Also, I didn’t find anything about elliptic curve algorithm support at all.

Workaround

Since I’m neither brave nor skilled enough to dive into patching Twisted, I’ve enabled diffie-hellman-group-exchange-sha1 support in the SSH daemon settings on the target nodes:

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

If you don’t want to sacrifice security you may consider generating your own moduli as suggested here:

# ssh-keygen -G moduli-2048.candidates -b 2048
# ssh-keygen -T moduli-2048 -f moduli-2048.candidates
# mv moduli-2048 /etc/ssh/moduli

With diffie-hellman-group-exchange-sha1 enabled, SSH connections should not fail.
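The "couldn't match all kex parts" failure and the effect of the workaround can be reproduced offline with the example below. It is added here and is not code from Twisted or OpenSSH. It builds constructed SSH_MSG_KEXINIT payloads from the lists in this post, parses the kex_algorithms name-list and picks the first client algorithm the server also offers. The function names are hypothetical, and the extra RFC 4253 check that the chosen algorithm is compatible with the negotiated host key type is assumed to pass.

```python
import struct

SSH_MSG_KEXINIT = 20

# Algorithm lists taken from the post (client: Conch, server: sshd).
CONCH_KEX = ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"]
OPENSSH_67_DEFAULT = [
    "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
]
WORKAROUND = OPENSSH_67_DEFAULT[1:] + ["diffie-hellman-group-exchange-sha1"]


def build_kexinit(kex_algorithms):
    """Constructed sample: a KEXINIT payload with only kex_algorithms filled in."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # message type + zeroed cookie
    payload += name_list(kex_algorithms)
    payload += name_list([]) * 9                     # the nine other name-lists, empty
    payload += b"\x00" + struct.pack(">I", 0)        # first_kex_packet_follows, reserved
    return payload


def parse_kex_algorithms(payload):
    """Return the kex_algorithms name-list from an SSH_MSG_KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)  # skip type byte + 16-byte cookie
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []


def negotiate_kex(client_payload, server_payload):
    """First client algorithm the server also lists; None means no match."""
    server = set(parse_kex_algorithms(server_payload))
    for name in parse_kex_algorithms(client_payload):
        if name in server:
            return name
    return None


if __name__ == "__main__":
    for label, server in (("default", OPENSSH_67_DEFAULT), ("workaround", WORKAROUND)):
        print(label, negotiate_kex(build_kexinit(CONCH_KEX), build_kexinit(server)))
```

A result of None corresponds to the disconnect in the log above; with the workaround list the only common algorithm is the SHA-1 group exchange.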